This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomatocart-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:51:58 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 134f4ea6d843340972c3d82e5d7ab0d5c99a46bf * md5sum 6455d7bfd80e6845eb30713600e70055 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3m2AAoJEIXCXpWhbrlNoY0H/i6pYQoWnvmH9SvDeYSj1EVv eRyTzEWJ7DBE09bmJIyGm4IcOHWalKnOoLMcU81iYlsXlZS1G7x612z9BN996HNy cdPZiR3UQ/7I0RQGNe6Lk9LwYCbcEMwvW+cmI794HJVuOhA05oMKI60/ZL0cfZyr eO7+1bOqaH5ssqZwP9U2eon1dAaM9JVignYkn/JFK4EDZ8l3rqL2JZlg1B+gr2tv NVEK6SyQeFP4OuqEISC2Sfclktm4vQYqqOsq+eG7ZXbqJZxXm9rzna8/mNbSRd+V DnI2jNu/qVO6t0vNCHd1iyYSicoVJRGxhKLzkMCDnL4JHLqdobF++Rjn9bobh1k= =vnSR -----END PGP SIGNATURE-----